Property
Language: terraform
Severity: high
Service: s3
Provider: AWS
Vulnerability Type: omission

Description

S3 buckets are configured to accept public ACLs, so an object can be made publicly accessible by a PUT operation that specifies a public ACL. Because the bucket is not set to ignore public ACLs, it is vulnerable to unintended public exposure of data.

Impact

An attacker or misconfigured application could upload objects with public ACLs, making sensitive data publicly accessible. This can lead to unauthorized data disclosure, regulatory violations, and potential data breaches affecting the organization’s confidentiality.

Resolution

Configure the bucket to ignore public ACLs applied in PUT calls.
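
The omission and its correction in Terraform, as an added example that is not part of the original rule page. It assumes the AWS provider's `aws_s3_bucket_public_access_block` resource; the bucket and resource names are constructed placeholders.

```terraform
# Added example: all bucket and resource names are constructed placeholders.

# --- Weak: ignore_public_acls is omitted -----------------------------------
resource "aws_s3_bucket" "reports_weak" {
  bucket = "example-reports-weak"
}

resource "aws_s3_bucket_public_access_block" "reports_weak" {
  bucket = aws_s3_bucket.reports_weak.id

  # Rejects new PUT requests that carry a public ACL ...
  block_public_acls = true

  # ... but ignore_public_acls is not set, and the provider default is false,
  # so any public ACL already on the bucket or its objects is still honoured.
}

# --- Corrected --------------------------------------------------------------
resource "aws_s3_bucket" "reports_fixed" {
  bucket = "example-reports-fixed"
}

resource "aws_s3_bucket_public_access_block" "reports_fixed" {
  bucket = aws_s3_bucket.reports_fixed.id

  block_public_acls       = true
  ignore_public_acls      = true # S3 disregards public ACLs on the bucket and its objects
  block_public_policy     = true
  restrict_public_buckets = true
}
```

After applying, `aws s3api get-public-access-block --bucket <bucket-name>` should report `IgnorePublicAcls` as `true` for the corrected bucket.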